Exploiting Amazon active vulnerability

How to exploit an Amazon active vulnerability and get access to Prime (& all it’s benefits, including all Prime Video Channels) for free, due to a too extensive grace period of payment.

Why?

About a year ago I reported to Amazon a vulnerability which allows a malicious user to abuse the grace period of a prime payment, however this report was closed as informative. According to them, It is an expected behavior, therefore no vulnerability. So here I am to share it to everyone :)

Also, it is not illegal or anything. You can follow this article without any legal problem, no worries, Amazon’s security team gave their word.

What does it do?

By exploiting this vulnerability, you’ll have full access to all prime services (prime gaming, video, music, reading, etc.) and benefits for free.

OK, HOW?

I know, you may be thinking: nah, this isn’t easy, this must be a complex exploit or something that I won’t be able to follow.

Wrong, this is PRETTY EASY. There is just one thing that you are going to need: a no fund credit card. I got mine from a pre-paid credit card service.

STEPS:

  • Add your no fund credit card to payment methods on Amazon;
  • If you have a Prime payment already configured, change to the no fund credit card;
  • Select 30 days of prime and proceed the payment. While the payment is being processed (which will take 35 days), you’ll be able to enjoy all prime’s benefits
payment being processed for over a month
  • Once the 35 days are over, you’ll receive an email telling you to update your prime payment method. So, what should you do next? Just cancel prime and do the same process all over again (on the same account).

That is the exactly same process for prime video channels like paramount+ or Look or any other.

Thank you for reading this article, up vote (clap) this article to get popularity and let Amazon know that they are messing up with their hacker partners.

--

--

--

Programmer, ethical hacker and pentester. 18 yo.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

In the Age of Mega Cyber Breach; Is your Bank Resilient?

Berry Data X SafeTheHumanity — Create Easier Access to Charity Donation

{UPDATE} 北斗之拳 傳承者再臨 Hack Free Resources Generator

Why is Data Investigation Critically Important In The Age Of Data Breaches?

Lock break

Neptune Mutual Launching on the Polygon Testnet

Tech Arrgh: Should You Get A Secure Certificate For Your Website

Was My Data Stolen? Potential Data Breach Scenarios and Brief Map

What’s going “ON” in the Cyberspace

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Benjamin Walter

Benjamin Walter

Programmer, ethical hacker and pentester. 18 yo.

More from Medium

Understanding Spring4Shell RCE from an engineer’s perspective (with code)

Things You Must Know For Vehicle Hacking: PART 2

Cloud security with flaws.cloud

Cyber Apocalypse CTF 2022 Writeup — Down the Rabinhole